To prevent illegal log-in even when a user ID and a password are stolen in the case of user authentication by the user ID and the password at a system where a client utilizes a server.

A fingerprint recognizing device 30 is added to a client 20, three input requests of user ID, password and fingerprint are outputted at the time of user log-in, when the fingerprint relevant to the user ID is inputted, the inputted password is converted and a certificate request is outputted to a server 10 by the inputted user ID and the converted password. At the client 20, the algorithm for converting the password is programmed. The user ID and the password to be converted on the side of client 20 are previously registered in the server 10. This password registered in the server 10 is made different from the password to be inputted by the user, and made secret. The user is certified by the inputted user ID and the secret password registered in the server 10.